From 6f3f8b6a96521a2f2042566cfb04e400355c7094 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 24 Jan 2025 14:23:28 -0500 Subject: [PATCH 1/2] build(deps): bump the actions group with 2 updates (#1291) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- .github/workflows/scorecards-analysis.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f7005716..c07010f5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -112,7 +112,7 @@ jobs: uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - name: publish - uses: pypa/gh-action-pypi-publish@67339c736fd9354cd4f8cb0b744f2b82a74b5c70 # v1.12.3 + uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4 with: packages-dir: built-packages/ diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 9c1a0248..20eed2d0 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -52,6 +52,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ee117c905ab18f32fa0f66c2fe40ecc8013f3e04 # v3.28.4 + uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 with: sarif_file: results.sarif From 76e27dba2c302b162a174045c97ffbd8c9ee21bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:21:25 -0500 Subject: [PATCH 2/2] build(deps): bump the actions group with 2 updates (#1292) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 4 ++-- .github/workflows/conformance.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/lint.yml | 6 +++--- .github/workflows/pin-requirements.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/requirements.yml | 2 +- .github/workflows/scorecards-analysis.yml | 2 +- .github/workflows/staging-tests.yml | 2 +- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 63874daa..864f0fe7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: ${{ matrix.conf.py }} allow-prereleases: true @@ -110,7 +110,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: '3.x' diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index 2d7e7184..72220b8c 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -15,7 +15,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" cache: "pip" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 3308498a..4a0d08a1 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -13,7 +13,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" cache: "pip" diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 95456436..ac5048db 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -14,7 +14,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" cache: "pip" @@ -35,7 +35,7 @@ jobs: # NOTE: We intentionally check `--help` rendering against our minimum Python, # since it changes slightly between Python versions. - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.9" cache: "pip" @@ -71,7 +71,7 @@ jobs: persist-credentials: false # NOTE: We intentionally check test certificates against our minimum supported Python. - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.9" cache: "pip" diff --git a/.github/workflows/pin-requirements.yml b/.github/workflows/pin-requirements.yml index ce6e0d18..1cb97934 100644 --- a/.github/workflows/pin-requirements.yml +++ b/.github/workflows/pin-requirements.yml @@ -70,7 +70,7 @@ jobs: git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git config user.name "github-actions[bot]" - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version-file: install/.python-version cache: "pip" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c07010f5..49d74344 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: # NOTE: We intentionally don't use a cache in the release step, # to reduce the risk of cache poisoning. diff --git a/.github/workflows/requirements.yml b/.github/workflows/requirements.yml index 6cf1140a..e6d61bca 100644 --- a/.github/workflows/requirements.yml +++ b/.github/workflows/requirements.yml @@ -36,7 +36,7 @@ jobs: ref: ${{ env.SIGSTORE_REF }} persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 name: Install Python ${{ matrix.python_version }} with: python-version: ${{ matrix.python_version }} diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml index 20eed2d0..b4c2a803 100644 --- a/.github/workflows/scorecards-analysis.yml +++ b/.github/workflows/scorecards-analysis.yml @@ -52,6 +52,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4 # v3.28.5 + uses: github/codeql-action/upload-sarif@17a820bf2e43b47be2c72b39cc905417bc1ab6d0 # v3.28.6 with: sarif_file: results.sarif diff --git a/.github/workflows/staging-tests.yml b/.github/workflows/staging-tests.yml index 13661a9a..7f9f7b7d 100644 --- a/.github/workflows/staging-tests.yml +++ b/.github/workflows/staging-tests.yml @@ -21,7 +21,7 @@ jobs: with: persist-credentials: false - - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + - uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0 with: python-version: "3.x" cache: "pip"